Stahnutí viru.

[mrkew2]

Kamarád z tyhle stránky stáhl asi vira (neklikat pozor)

Kód: Vybrat vše

hxxp://share-fotos.com/view_id.php

Tak bych poprosil o překontrolovaní logu jestli to vážně něco je.

Logfile of random's system information tool 1.08 (written by random/random)
Run by David at 2010-09-26 21:11:59
Microsoft Windows 7 Home Premium
System drive C: has 66 GB (56%) free of 119 GB
Total RAM: 4061 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:12:02, on 26.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\David\Desktop\uTorrent.exe
C:\Users\David\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
D:\DAEMON Tools Lite\DTLite.exe
C:\Windows\nvsvc32.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
D:\ICQ7.1\ICQ.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.4.6.22.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\David\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\David\Desktop\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [FlashGet 3] "D:\FlashGet\FlashGet3.exe" -minimize
O4 - HKCU\..\Run: [FlashGet] "D:\FlashGet universal\flashget.exe" /min
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\David\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\David\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\NOVSLO~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\NOVSLO~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.4.6.22.dll/206 (file missing)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://d1ylr6sba64qi3.cloudfront.net/gl ... 1.71.0.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... .3.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Unknown owner - C:\Windows\system32\sfrem02.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14538 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2c8
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\Avast5\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
Atouch64.exe
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
taskeng.exe {0BB9625F-4A5B-4076-BE99-E47438942E44}
"C:\Program Files (x86)\Google\Update\1.2.183.23\GoogleCrashHandler.exe" /crashhandler
"C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Windows\AsScrPro.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" MySyncFolder
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\David\Desktop\uTorrent.exe"
C:\Windows\system32\wbem\wmiprvse.exe
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Users\David\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe" /crashhandler
C:\Windows\system32\SearchIndexer.exe /Embedding
"D:\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Windows\System32\StikyNot.exe"
C:\Windows\nvsvc32.exe
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Avast5\AvastUI.exe" /nogui
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.044A1300.682480094 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.044A1000.797759502 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.044A1C00.417326132 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.044B7C00.1902777415 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.044B7900.1857268786 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.044B7600.1794063231 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.044B7300.1210251288 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.044B7D80.804170761 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.044DCC00.75661615 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.044DC900.1251405370 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path=C:\Users\David\AppData\Local\Google\Chrome\Application\6.0.472.63\gcswf32.dll --lang=cs --plugin-data-dir="C:\Users\David\AppData\Local\Google\Chrome\User Data\Default" --channel=236.064B164C.1333176043 /prefetch:4
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.09913900.1495011184 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.0910E600.1806532295 /prefetch:3
"D:\ICQ7.1\ICQ.exe"
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.04612900.1011439434 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.09F6F480.2069977791 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.064B7A80.1559167677 /prefetch:3
"C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_4/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_skipped/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=236.09F6F000.485324887 /prefetch:3
"C:\Windows\system32\RunDll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -responsepester
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\David\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2239340465-1001483360-3508777747-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2239340465-1001483360-3508777747-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-25 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - D:\FlashGet universal\ComDlls\bhoCATCH.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - D:\BitComet\tools\BitCometBHO_1.4.6.22.dll [2010-06-22 734512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\David\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2010-05-11 144944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-25 444752]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-09-30 621440]
"EeeStorageBackup"=C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2009-11-26 1732608]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-20 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-20 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-20 415256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"uTorrent"=C:\Users\David\Desktop\uTorrent.exe [2010-05-04 319280]
"Google Update"=C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-05 136176]
"DAEMON Tools Lite"=D:\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"FlashGet 3"=D:\FlashGet\FlashGet3.exe -minimize []
"FlashGet"=D:\FlashGet universal\flashget.exe /min []
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe [2010-09-25 58880]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-02-10 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-03 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
C:\Program Files\ASUS\NB Probe\NBProbe.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-09-17 2245120]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-20 170624]
"Setwallpaper"=c:\programdata\SetWallpaper.cmd []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Google Desktop Search"=C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-17 30192]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe [2010-09-25 58880]
"avast5"=C:\Program Files\Avast5\avastUI.exe [2010-09-07 2838912]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-07-20 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\FlashGet\FlashGet3.exe"="D:\FlashGet\FlashGet3.exe:*:Enabled:Flashget3"
"D:\FlashGet universal\FlashGet.exe"="D:\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"D:\FlashGet universal\LiveUpdate.exe"="D:\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"D:\FlashGet universal\LiveUpdateEx.exe"="D:\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"C:\Users\David\Downloads\P12576574.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-26 20:56:14 ----SHD---- C:\Config.Msi
2010-09-26 20:17:58 ----D---- C:\Program Files\trend micro
2010-09-26 20:17:51 ----D---- C:\rsit
2010-09-26 18:26:38 ----HD---- C:\ProgramData\AVP9
2010-09-26 18:25:44 ----D---- C:\ProgramData\Kaspersky Lab
2010-09-26 18:11:27 ----D---- C:\Program Files (x86)\Skype
2010-09-26 17:00:39 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-09-26 17:00:39 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-09-26 17:00:38 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-09-26 17:00:38 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-09-26 17:00:36 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-09-26 17:00:08 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2010-09-26 17:00:06 ----D---- C:\ProgramData\Alwil Software
2010-09-26 17:00:06 ----D---- C:\Program Files\Avast5
2010-09-25 23:57:51 ----RSH---- C:\Windows\nvsvc32.exe
2010-09-25 12:08:23 ----D---- C:\Downloads
2010-09-24 22:28:20 ----D---- C:\Program Files (x86)\3DO
2010-09-24 22:27:41 ----A---- C:\Windows\IsUninst.exe
2010-09-24 22:10:02 ----A---- C:\Windows\War3Unin.pif
2010-09-24 22:10:02 ----A---- C:\Windows\War3Unin.exe
2010-09-18 23:01:51 ----D---- C:\Users\David\AppData\Roaming\BitComet
2010-09-15 22:09:06 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-09-15 22:09:06 ----A---- C:\Windows\system32\iertutil.dll
2010-09-15 20:06:58 ----A---- C:\Windows\system32\spoolsv.exe
2010-09-08 21:43:00 ----D---- C:\ProgramData\Sun
2010-09-08 21:40:15 ----D---- C:\Windows\Sun
2010-09-08 21:40:10 ----A---- C:\Windows\SYSWOW64\javaws.exe
2010-09-08 21:40:10 ----A---- C:\Windows\SYSWOW64\javaw.exe
2010-09-08 21:40:10 ----A---- C:\Windows\SYSWOW64\java.exe
2010-09-08 21:40:10 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2010-09-08 21:40:00 ----D---- C:\Program Files (x86)\Java
2010-08-27 09:34:39 ----D---- C:\Users\David\AppData\Roaming\Convivea

======List of files/folders modified in the last 1 months======

2010-09-26 21:12:03 ----D---- C:\Windows\Temp
2010-09-26 21:08:54 ----D---- C:\Users\David\AppData\Roaming\uTorrent
2010-09-26 21:08:41 ----D---- C:\Windows\system32\config
2010-09-26 21:06:49 ----D---- C:\Users\David\AppData\Roaming\ICQ
2010-09-26 21:03:28 ----D---- C:\Program Files\Windows Live
2010-09-26 20:58:29 ----D---- C:\Windows\system32\Tasks
2010-09-26 20:57:24 ----SHD---- C:\Windows\Installer
2010-09-26 20:57:09 ----RD---- C:\Program Files (x86)
2010-09-26 20:57:08 ----HD---- C:\ProgramData
2010-09-26 20:56:27 ----D---- C:\Windows\system32\DriverStore
2010-09-26 20:56:27 ----D---- C:\Windows\system32\drivers
2010-09-26 20:56:27 ----D---- C:\Windows\system32\catroot
2010-09-26 20:56:27 ----D---- C:\Windows\inf
2010-09-26 20:56:24 ----D---- C:\Windows\System32
2010-09-26 20:55:12 ----D---- C:\Users\David\AppData\Roaming\Skype
2010-09-26 20:17:58 ----RD---- C:\Program Files
2010-09-26 18:52:42 ----A---- C:\Windows\system32\ServiceFilter.ini
2010-09-26 18:52:11 ----A---- C:\Windows\system32\AutoRunFilter.ini
2010-09-26 18:28:45 ----SHD---- C:\System Volume Information
2010-09-26 18:26:16 ----D---- C:\Windows\system32\catroot2
2010-09-26 17:00:36 ----D---- C:\Windows\SysWOW64
2010-09-26 17:00:33 ----D---- C:\Windows\winsxs
2010-09-26 17:00:08 ----D---- C:\Windows
2010-09-26 16:52:28 ----SD---- C:\Users\David\AppData\Roaming\Microsoft
2010-09-26 16:52:28 ----D---- C:\Windows\SYSWOW64\drivers
2010-09-26 16:01:47 ----D---- C:\Users\David\AppData\Roaming\skypePM
2010-09-26 15:28:49 ----D---- C:\Program Files (x86)\Windows Live
2010-09-25 20:27:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-24 22:07:39 ----D---- C:\Windows\Prefetch
2010-09-17 21:56:50 ----D---- C:\Program Files (x86)\Google
2010-09-15 22:09:42 ----A---- C:\Windows\system32\MRT.exe
2010-09-11 17:10:54 ----D---- C:\Windows\system32\wdi
2010-09-08 21:43:00 ----D---- C:\Program Files (x86)\Common Files
2010-09-05 21:55:00 ----D---- C:\Users\David\AppData\Roaming\Opera
2010-09-04 09:13:55 ----D---- C:\Windows\Downloaded Program Files
2010-09-04 09:13:54 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2010-09-01 21:13:12 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2010-08-28 23:07:42 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-27 22:22:43 ----D---- C:\Windows\system32\LogFiles
2010-08-27 21:48:27 ----D---- C:\Windows\system32\drivers\etc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2010-02-10 35384]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-06 408600]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys [2009-02-03 77432]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-03 834544]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 28752]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 121936]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 51280]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 157712]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 20048]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-07-01 43168]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-07-20 10603904]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2006-07-10 22936]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-07-06 310728]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []
S3 a3p7loqs;a3p7loqs; C:\Windows\system32\drivers\a3p7loqs.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 61792]
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-12-08 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 OberonGameConsoleService;Oberon Media Game Console service; C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-08-19 75064]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-05 136176]
S2 sfrem02;FrontLine Drivers Auto Removal (v2); C:\Windows\system32\sfrem02.exe [2006-05-11 607352]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-17 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]

-----------------EOF-----------------

edit url by earl

[earl]

Zdravim,

otestujte na VIRUSTOTALu

c:\programdata\SetWallpaper.cmd

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledek sem vlozte)

Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.

Priste sem nedavejte presne url adresu - staci ji trochu pozmenit,jinak na ni nekdo muze kliknout a je ostuda

Jak se chova pc?

[mrkew2]

Pry normálně ale když má zaplý skype tak mu to posílá linky (je tam i ten na který klikl) zprávy atd..

[mrkew2]

Nemůže ho najít. Není tam.

[earl]

Co nemuze najit?

[mrkew2]

Ten c:\programdata\SetWallpaper.cmd

[earl]

Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo )

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

Stahnete DDS a ulozte ho na plochu.

Zavrete vsechna spustena okna a spustte program jako Administrator, potvrdte licencni podminky a postupujte podle pokynu. Zacne scanovani.

Az skonci, tak by mel vytvorit 2 logy proto se vam 2krat otevre notepad. Jeden log bude mit nazev DDS.txt a druhy attach.txt.

Zkopirujte sem pouze ten DDS.txt.

V pripade nejasnosti navod zde

Stahnete GMER , rozbalte a spustte jako Administrator

probehne sken, po jehoz ukonceni na vas vyskoci vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

pote dle tohoto navodu

absolvujte druhy sken a opet obsah logu sem.

[mrkew2]

Zatím log dds


DDS (Ver_10-03-17.01) - NTFSX64
Run by David at 19:04:00.88 on po 27.09.2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4061.2439 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\David\Desktop\uTorrent.exe
D:\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\David\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\System32\svchost.exe -k secsvcs
D:\BitComet\BitComet.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\David\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://search.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearch Bar = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files (x86)\icq6toolbar\ICQToolBar.dll
mWinlogon: Userinit=userinit.exe
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - No File
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - d:\bitcomet\tools\BitCometBHO_1.4.6.22.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Pomocník pro přihlášení ke službě Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\david\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files (x86)\icq6toolbar\ICQToolBar.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files (x86)\icq6toolbar\ICQToolBar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\users\david\desktop\uTorrent.exe"
uRun: [Google Update] "c:\users\david\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "d:\daemon tools lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Google Desktop Search] "c:\program files (x86)\google\google desktop search\GoogleDesktop.exe" /startup
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{2b81872b-a054-48da-be3b-fa5c164c303a}\_C4A2FC3E3722966204FDD8.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\srspre~1.lnk - c:\windows\installer\{e5cf6b9c-3abe-43c9-9413-ad5ffc98f049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all by FlashGet3 - c:\users\david\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\david\appdata\roaming\flashgetbho\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - d:\novslo~1\office11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - d:\bitcomet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - d:\bitcomet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - d:\bitcomet\BitComet.exe/AddAllLink.htm
IE: ????3?? - c:\users\david\appdata\roaming\flashgetbho\GetUrl.htm
IE: ????3?????? - c:\users\david\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: {71BFC818-0CED-42D6-9C87-5142918957EE} - d:\icq7.1\ICQ.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://d:\bitcomet\tools\BitCometBHO_1.4.6.22.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\novslo~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot - search & destroy\SDHelper.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\Skype4COM.dll
BHO-X64: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun-x64: [EeeStorageBackup] c:\program files (x86)\asus\asus webstorage\service\AsusWSService.exe MySyncFolder
mRun-x64: [AmIcoSinglun64] c:\program files (x86)\amicosinglun\AmIcoSinglun64.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2010-2-10 15928]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2009-2-3 77432]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-2-10 379520]
R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2010-2-10 14904]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 168544]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2010-8-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 126320]
R2 ICQ Service;ICQ Service;c:\program files (x86)\icq6toolbar\ICQ Service.exe [2010-4-30 246520]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\asus\game park\gameconsole\OberonGameConsoleService.exe [2010-2-10 44312]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-10-15 117760]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-9 1222144]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 17920]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-6-5 136176]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-8-21 44032]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-4-29 61792]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files (x86)\windows live\family safety\fsssvc.exe [2008-12-8 533344]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\google\google desktop search\GoogleDesktop.exe [2010-9-17 30192]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-19 1255736]

=============== Created Last 30 ================

2010-09-27 16:11:38 0 d-----w- c:\program files (x86)\CCleaner
2010-09-27 10:18:44 0 d-----r- c:\program files (x86)\Skype
2010-09-27 10:18:42 0 d-----w- c:\programdata\Skype
2010-09-26 20:09:32 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-26 20:09:32 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-09-26 19:46:23 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-09-26 19:42:38 0 d-----w- c:\programdata\ESET
2010-09-26 19:42:38 0 d-----w- c:\program files\ESET
2010-09-26 18:17:58 0 d-----w- c:\program files\trend micro
2010-09-26 16:26:38 0 d--h--we c:\programdata\AVP9
2010-09-26 15:00:36 0 ----a-w- c:\windows\syswow64\config.nt
2010-09-26 15:00:06 0 d-----w- c:\programdata\Alwil Software
2010-09-25 21:58:02 0 d-----w- c:\users\david\Tracing
2010-09-25 19:06:13 0 d-----w- c:\users\david\SystemRequirementsLab
2010-09-25 10:08:23 0 d-----w- C:\Downloads
2010-09-24 20:28:20 0 d-----w- c:\program files (x86)\3DO
2010-09-24 20:27:41 306688 ----a-w- c:\windows\IsUninst.exe
2010-09-24 20:10:03 14658 ----a-w- c:\windows\War3Unin.dat
2010-09-24 20:10:02 2829 ----a-w- c:\windows\War3Unin.pif
2010-09-24 20:10:02 126976 ----a-w- c:\windows\War3Unin.exe
2010-09-18 21:01:51 0 d-----w- c:\users\david\appdata\roaming\BitComet
2010-09-15 20:09:06 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-15 18:06:58 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-08 19:43:00 0 d-----w- c:\programdata\Sun
2010-09-08 19:40:10 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-09-08 19:40:10 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-09-08 19:40:10 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-09-08 19:40:10 145184 ----a-w- c:\windows\syswow64\java.exe

==================== Find3M ====================

2010-09-25 18:27:40 622660 ----a-w- c:\windows\system32\perfh005.dat
2010-09-25 18:27:40 118810 ----a-w- c:\windows\system32\perfc005.dat
2010-09-01 19:13:12 214520 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-08-19 21:27:48 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-07-31 21:26:49 2250024 ----a-w- c:\windows\syswow64\pbsvc.exe
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-28 19:14:50 98304 ----a-w- c:\windows\syswow64\CmdLineExt.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-20 03:47:54 161304 ----a-w- c:\windows\system32\igfxtray.exe
2010-07-20 03:47:52 508952 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-07-20 03:47:50 415256 ----a-w- c:\windows\system32\igfxpers.exe
2010-07-20 03:47:48 386584 ----a-w- c:\windows\system32\hkcmd.exe
2010-07-20 03:47:48 223768 ----a-w- c:\windows\system32\igfxext.exe
2010-07-20 03:47:46 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2010-07-20 03:47:44 152600 ----a-w- c:\windows\system32\difx64.exe
2010-07-20 03:44:20 90112 ----a-w- c:\windows\system32\igfxCoIn_v2182.dll
2010-07-20 03:40:36 6544896 ----a-w- c:\windows\system32\igdumd64.dll
2010-07-20 03:39:02 439308 ----a-w- c:\windows\syswow64\igcompkrng500.bin
2010-07-20 03:39:02 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2010-07-20 03:39:00 982240 ----a-w- c:\windows\syswow64\igkrng500.bin
2010-07-20 03:39:00 982240 ----a-w- c:\windows\system32\igkrng500.bin
2010-07-20 03:39:00 92356 ----a-w- c:\windows\syswow64\igfcg500m.bin
2010-07-20 03:39:00 92356 ----a-w- c:\windows\system32\igfcg500m.bin
2010-07-20 03:36:54 4966400 ----a-w- c:\windows\syswow64\igdumd32.dll
2010-07-20 03:34:38 571904 ----a-w- c:\windows\syswow64\igdumdx32.dll
2010-07-20 03:33:36 4717568 ----a-w- c:\windows\system32\igd10umd64.dll
2010-07-20 03:31:16 4410880 ----a-w- c:\windows\syswow64\igd10umd32.dll
2010-07-20 03:26:20 15032832 ----a-w- c:\windows\system32\ig4icd64.dll
2010-07-20 03:19:14 11041280 ----a-w- c:\windows\syswow64\ig4icd32.dll
2010-07-20 03:14:28 243200 ----a-w- c:\windows\system32\igfxpph.dll
2010-07-20 03:14:22 380416 ----a-w- c:\windows\system32\igfxTMM.dll
2010-07-20 03:14:16 27648 ----a-w- c:\windows\system32\igfxexps.dll
2010-07-20 03:14:04 61952 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-07-20 03:13:38 108032 ----a-w- c:\windows\system32\hccutils.dll
2010-07-20 03:13:30 119808 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-07-20 03:13:28 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-07-20 03:13:28 271360 ----a-w- c:\windows\system32\igfxdev.dll
2010-07-20 03:12:58 830464 ----a-w- c:\windows\system32\igfxress.dll
2010-07-20 03:12:58 142336 ----a-w- c:\windows\system32\igfxdo.dll
2010-07-20 03:09:44 23552 ----a-w- c:\windows\syswow64\igfxexps32.dll
2010-07-20 03:09:02 228352 ----a-w- c:\windows\syswow64\igfxdv32.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-08-03 20:00:19 36232 ----a-w- c:\windows\inf\perflib\0405\perfd.dat
2009-08-03 20:00:19 36232 ----a-w- c:\windows\inf\perflib\0405\perfc.dat
2009-08-03 20:00:19 292004 ----a-w- c:\windows\inf\perflib\0405\perfi.dat
2009-08-03 20:00:19 292004 ----a-w- c:\windows\inf\perflib\0405\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-08 18:31:56 106496 ----a-w- c:\program files (x86)\common files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- c:\program files (x86)\common files\MSIactionall.dll
2008-05-22 16:35:54 51962 ----a-w- c:\program files (x86)\common files\banner.jpg
2007-06-12 17:34:50 35822 ----a-w- c:\program files (x86)\common files\ASPG_icon.ico
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:04:35.87 ===============

[mrkew2]

Gmer nejaká chyba

gmerchyba.jpg (68.15 KiB) Zobrazeno 1677 x

[earl]

Odinstalujte Spybot - je zastaraly a v pc je Windows Defender.

Mate v pc Avast a Nod32 - jestli je NOD32 zakoupen,tak Avast odinstalujte,at se rezidentni stity mezi sebou nehadaji.

Stahnete si na plochu a rozbalte RootRepeal

spustte RootRepeal.exe jako spravce - klepnete na File a potom na Scan - po skenu kliknete na Save Report a log vlozte sem.

V pripade nejasnosti navod v mem podpisu.

Jak presne vypada ten link ze Skypu?

[mrkew2]

To s toho skype

Kód: Vybrat vše

Foto :D hxxp://share-fotos.com/view_id.php

Ten program nejde nebo má 64 bit verzi.

[earl]

Pouzijte MBAM

instalace,uplny sken,vlozit sem log-NIC NEMAZAT!

Stahnete Rootkit Revealer

Rozbalte ZIP archiv a spustte aplikaci.

Kliknete na tlacitko Scan a po dokonceni scanu kliknete na File - Save a ulozeny log vlozte sem.

[David777]

tu je log z MBAM:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4711

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.9.2010 17:06:58
mbam-log-2010-09-28 (17-06-58).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 321515
Uplynulý čas: 45 minuta(y), 38 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Windows\System32\secushr.dat (Malware.Trace) -> No action taken.






ale ten RootkitRevealer mi nejde spustit.... když ho rozkliknu tak to nic nerobi... ani se to nspusti...

[mrkew2]

Jen pro informaci psát to tu už bude david777.

[earl]

Beru na vedomi.

Dejte smazat,co MBAM nasel.

Stahnete MBR

ulozte ho na plochu-spustte "Run as Administrator"- vytvori se log mbr.log, vlozte ho cely sem.

Stahnete RootkitBooster

rozbalte do slozky na plose a spustte "Run as Administrator",

dejte Scan,po ukonceni povolte ulozeni logu,ten pak vlozte sem.